Bitlocker Recovery Password saved to file

January 22, 2010

In MDT deployment I have Bitlocker set to save the recovery key to AD. However, I am noticing that it is also copying the recovery key to either C: root or the USB flash drive. How do I control this behavior?

In MDT 2010, the ZTIBDE.wsf script will perform most nasty administrative tasks in the background automatically. That is the beauty of MDT. However, some administrators may wish to control this Recovery File in a manner other than the default, which is to save the file to the C: drive or to a USB Key.

As a backup, MDT saves the recovery key to a file even though the administrator told MDT to save the password into Active Directory, just in case the data could *not* be saved to AD.

Disable Key Save

There are two ways to prevent ZTIBDE.wsf from saving the Administrator password in Active Directory.

What if you have the GP set to not enable BitLocker until the recovery key was stored successfully? Does this script somehow override that and thus cause some machines to be encrypted with no known recovery method?